On Sun, 10 Mar 2013, Jason Hall wrote: > Are there plans to support ECDSA keys? All other recommended > protocols (AES GCM, ECDH) are currently supported. > > When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message > is: > ca_key_serialize: unsupported key type 408 > fatal: ca: failed to serialize private key > > For more information on Suite B Authentication Methods, check out RFC > 6380 (https://tools.ietf.org/html/rfc6380) section 4.3, and Suite B in > general RFC 6379 (http://tools.ietf.org/html/rfc6379).
OpenSSH also has some decent examples for handling ECDSA including serialisation and deserialisation and public value sanity checking. I'm happy to answer questions if someone is implementing it. -d
